I am back from vacation and saw that Akismet has caught more than 22,000 spam comments over a two week period. That is roughly one spam comment every minute (65 comments each hour). Since February when we passed 100,000 spam comments, we have now passed a quarter million spam comments. (277,421 when I made the screenshot below).

The number of daily spam comments has grown more than 400% over the last year.

Though Thomas and I are thrilled with how well Akismet works, there are still one serious issue: Every day somewhere between 1 and 10 spam comments slip through. It’s not a big deal for us, as we usually remove them within minutes if they slip though.

Spam comments annoy subscribers

However, the comments that slip through actually annoys the most loyal readers. Our readers can subscribe to new comments on any article, and the spam that slips through actually generates an email to all subscribers.

Furthermore, any spam comments slipping through Akismet will occur in the comment feeds.

I feel really sorry for the subscribers because a subscription then eventually generates an email, and even though we remove the spam comments fast, people still gets irritating, irrelevant spam sent by us to the subscribers. And we really hate that.

I think that this problem is more widespread than it seems, as I myself have recieved some emails from blog articles I’m subscribing to:

As a consequence, Thomas and I will now look for ways to tightening things further than Akismet can do.

Possible solutions

Moderate all comments

We have previously talked about holding back all comments for moderation (or at least comments from unknown email adresses). This is very easy to do — just flip a switch in a WordPress administration module. One disadvantage with this solution: It adds a time-delay to the blog, and we feel that a blog should be immediate, and a discussion should take place without us acting as gatekeepers for the discussion.

Improve Akismet

We are not in a position to change or improve Akismet directly, but here is a suggestion: Comments should be evaluated better and not just based on if anybody else has marked a comment to spam. It would be cool if Akismet could sometimes “be in doubt” about a comment. What if Akismet could tell WordPress to hold a comment for moderation if it was likely to be spam. For example some of the comments that slipped though the last month had a Russian or Polish email address or www.yahoo.com as homepage. Some others contained the word casinos, which is a very unlikely word to use on this blog. This is of course not true to any blog, so it would be great marking this as “I’m not sure. please moderate for me”.

This suggestion is probably based on my lack of knowledge on how Akismet really works. But it would of course be ideal to add rules to Akismet in order to improve the program.

Adding a bot-filter in the comment form

We talked about adding one or more form fields and hide them via css, to not disturb screen readers. Then name the field something innocent test that the field is blank when recieved. If not blank, then it is likely that a robot has filled out the field. Not a human, because the field is hidden.

This probably requires some work as we have to try out possibilities for confusing spam bots and see what works and whatnot. There are probably also some disadvantages for people browsing without CSS.

Actually we have already done some work including renaming the wordpress standard form. That worked great at the time, but after 6 months or so, it did not really reduce the spam (we could actually see that in the error log).

Our preliminary conclusion

Eventually we will probably turn on comment moderation, as it is the only 100% guarantee that spam comments don’t slip through to our subscribers and loyal readers. Before we do that (and to avoid the time-delay drawbacks), we will experiment on making a better bot-filter in the comment form.

This entry was posted by Jesper Rønn-Jensen
on Tuesday, July 10th, 2007 at 14:16 (GMT-1) and is filed under Blogging, justaddwater.dk, spam, WordPress.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.

11 Responses to “Blog Usability: Spam Comments Irritate Subscribers”

Another setting, which is present in my favorite blog software, Serendipity, is to hold comments for moderation only if the comment is for a blog posting more than 2 weeks old. It could help, depending on how the spambots crawl your site.

I read a “confession from a blog spammer” (can’t remember where), and one of the points were that he usually targeted old posts because they are more likely to go under the radar of the author, and still can raise page rank/awareness.

So your suggestion really should go to wordpress to implement that setting in the blog software.

I recall one blog requiring users to preview their comment before submitting, although I don’t recall whose blog implemented this.

Instead of there being a direct ‘submit’ button following the comment form, there is only a ‘preview’ button. This takes the user to a preview of the comment and only then can the comment be submitted.

Apparently this has proved extremely effective in cutting down spam and I just wish I could recall where I saw this.

There should be less spam. Not that I think most readers will have noticed much of it since I am pretty quick at removing spam (and I am considering more and more comments that look legitimate at first glance to be spam), but I do get hit by spam floods every now and then. Spam robots should find it harder to post comments now that i am Forcing Comment Previews.

But the preview is a good idea. Thanks for noting. Does anybody know if there is a preview comment plugin for WordPress??

Come to think of it, the method I mentioned might be even better if you used the date of the last article comment as a starting point instead of the date of the article itself. That way, active topics can keep themselves open. :)

I personally use spam karma and this has been great for me and it also has a “moderation” section which holds ‘unsure’ comments. I think during my time of using it, i have only had three or four slip through as actual comments.

I tweaked WordPress’ wp-post-comments.php file so that the “post” command on the blog post page is actually the IP address of the user. Real users won’t see anything different, and they can simply submit a comment. Anyone that spiders my site and later tries to submit a comment with that comment page will be blocked, since the IP address they are coming from doesn’t match the comment form they are trying to use. I wrote about it here: http://www.planetmike.com/journal/2007/04/02/blocking-wordpress-comment-spam/